Categories: CyberCrimeSecurity

Russia’s FSB Arrests REvil Ransomware Gang Members

Russian authorities said they have arrested members of the notorious REvil ransomware gang, in an unprecedented move said to have been undertaken at the request of the United States.

The gang is believed to have been responsible for some of the most damaging cyberattacks over the past 12 months, including those affecting Colonial Pipeline, JBS Foods and US technology firm Kaseya.

Police worked with the FSB security services to raid 25 addresses and arrest 14 individuals in Moscow, St. Petersburg, Leningrad and Lipetsk, the FSB said.

Authorities seized more than 426 million roubles (£4m), including cryptocurrency, about £860,000 in euros and US dollars, computer equipment and 20 luxury cars.

Homes raided

The REN TV channel broadcast footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian roubles.

“The organised criminal gang has ceased to exist, and the information infrastructure used for criminal purposes was neutralised,” the FSB said in a statement.

The group members have been charged and could face up to seven years in prison. The FSB said US authorities had been informed of the developments. The US Embassy in Moscow did not immediately respond to a request for comment.

A source familiar with the case told Interfax the group’s members with Russian citizenship would not be handed over to the US.

The US said in November it would offer a reward of up to $10m for information leading to the identification or location of anyone with a key role in the REvil group.


The gang shut down its operations in July, before staging a failed comeback in September and having its information infrastructure hacked and forced offline by an international operation in October.

In November a 22-year-old Ukrainian national was arrested in Romania and charged with activities as part of the REvil gang.

Seven other alleged REvil members were also arrested last year through operations coordinated by Europol.

The surprise operation comes amidst spiralling tensions between Russia and the US over a Russian military buildup on its border with the Ukraine, as Russia seeks guarantees from the West, including that Nato will not expand further.

The raids were announced only hours after the Ukraine was hit by a major cyberattack that shut down government websites, although there was no indication the incidents were related.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

OpenAI, Broadcom In Talks Over Development Of AI Chip – Report

Rebelling against Nividia? OpenAI is again reportedly exploring the possibility of developing its own AI…

2 days ago

Microsoft Outage Impacts Airlines, Media, Banks & Businesses Globally

IT outage causes major disruptions around the world, after Crowdstrike update allegedly triggers Microsoft outages

2 days ago

GenAI Integration Efforts Hampered By Costs, SnapLogic Finds

Hefty investment. SnapLogic research finds UK businesses are setting aside three-quarters of their IT budgets…

3 days ago

Meta Refuses EU Release Of Multimodal Llama AI Model

Mark Zuckerberg firm says European regulatory environment too ‘unpredictable’, so will not release multimodal Llama…

3 days ago

Synchron Announces Brain Interface Chat Powered by OpenAI

Brain implant firm Synchron offers AI-driven emotion and language predictions for users, powered by OpenAI's…

3 days ago